WordPress Plugin Vulnerabilities

Product Table for WooCommerce < 5.0.0 - Reflected XSS

Description

The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Affects Plugins

Plugin icon
woo-product-table
Fixed in 5.0.0

References

CVE
CVE-2025-22307
URL
https://patchstack.com/database/wordpress/plugin/woo-product-table/vulnerability/wordpress-product-table-for-woocommerce-plugin-3-5-6-reflected-cross-site-scripting-xss-vulnerability

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Le Ngoc Anh
Verified
No
WPVDB ID
f939cae4-4c75-4bce-914b-62023c3b7863

Timeline

Publicly Published
2025-01-06 (about 1 year ago)
Added
2025-01-15 (about 1 year ago)
Last Updated
2025-05-12 (about 9 months ago)

Other

Published
Title
Published
2024-12-11
Title
CSV to html < 3.15 - Reflected Cross-Site Scripting
Published
2023-11-20
Title
Grab & Save <= 1.0.4 - Reflected Cross-Site Scripting
Published
2025-02-21
Title
Flagged Content <= 1.0.2 - Reflected Cross-Site Scripting
Published
2014-05-28
Title
Rezgo Online Booking < 1.8.2 - Multiple XSS
Published
2025-09-30
Title
SiteGround Email Marketing < 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting